Extracting data from a factory reset Android mobile phone

(@sasmith)
Posts: 4
New Member
Topic starter
 

Hello,

With law enforcement quality software available, can data be extracted from a factory reset Android mobile phone?
My understanding is: if the device is encrypted - unlikely to extract any usable data. If not encrypted - yes, fairly easily. Is this correct?

The model is Motorola Moto G4 XT1622. I've read from various sources that this model was NOT encrypted out of the box, despite shipping with Marshmallow. Is this correct?

Thank you.

 
Posted : 24/02/2020 12:38 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

The model is Motorola Moto G4 XT1622.

"OS Android 6.0.1 (Marshmallow), upgradable to 7.0 (Nougat)"
https://www.gsmarena.com/motorola_moto_g4-8103.php

The smartphone is encrypted by default.

 
Posted : 24/02/2020 1:35 pm
(@sasmith)
Posts: 4
New Member
Topic starter
 

The model is Motorola Moto G4 XT1622.

"OS Android 6.0.1 (Marshmallow), upgradable to 7.0 (Nougat)"
https://www.gsmarena.com/motorola_moto_g4-8103.php

The smartphone is encrypted by default.

Thank you for your reply, Igor. I was a little thrown by these links, which suggested that this device is an anomaly from the Google guidelines about encryption - that it has the OPTION to encrypt, but that it isn't encrypted by default:

https://www.theguardian.com/technology/2016/jun/17/moto-g4-and-g4-plus-review-great-phone-no-longer-quite-so-budget
https://arstechnica.com/gadgets/2016/07/review-without-quick-updates-the-moto-g4-is-merely-good-not-great/

 
Posted : 24/02/2020 2:07 pm
Bolo
(@bolo)
Posts: 97
Trusted Member
 

As Igor writes, it's encrypted.

 
Posted : 24/02/2020 3:07 pm
(@sasmith)
Posts: 4
New Member
Topic starter
 

Thank you. Am I correct about it being virtually impossible to retrieve usable data from a factory reset encrypted device?

 
Posted : 24/02/2020 5:18 pm
Bolo
(@bolo)
Posts: 97
Trusted Member
 

Yes - after FR on encrypted phones the data is gone… there is no option to get any data, even using the lowest-level method, i.e. directly from NAND, bypassing the controller of the eMMC.

 
Posted : 25/02/2020 11:09 am
(@sasmith)
Posts: 4
New Member
Topic starter
 

Thank you. Is that even the case for chip-off techniques? Can security tokens be extracted?

 
Posted : 04/03/2020 9:37 am
(@shadowplay)
Posts: 1
New Member
 

I have a phone that was accidentally factory reset on 3/6. I need to recover photos that were saved to the device prior to the reset. (No, there was no backup or sync at the time.) I've already rooted it, USB Debug on, SU allow, encryption appears to be off by default. I have tried some apps which are recovering stuff I believe was prior to the reset, but it isn't what I'm looking for. The phone is an HTC Desire 626, model HTCD200LVW, Android 6.0.1. It was on the Verizon network at one point but hasn't been connected to a network in years. I had a tough time getting it rooted; apparently Verizon loaded the phones with something that made that difficult. Can confirm via SunShine s-off, & various root checkers that it is in fact rooted. The photos I need are screenshots that may be used in a custody issue later, otherwise it wouldn't be so important. Any help would be appreciated. Thanks.

Specs
https://www.gsmarena.com/htc_desire_626_(usa)-7421.php

 
Posted : 13/03/2020 8:20 pm
(@arcaine2)
Posts: 235
Estimable Member
 

I had a tough time getting it rooted; apparently Verizon loaded the phones with something that made that difficult. Can confirm via SunShine s-off, & various root checkers that it is in fact rooted. The photos I need are screenshots that may be used in a custody issue later, otherwise it wouldn't be so important. Any help would be appreciated. Thanks.

If it's already s-off then just create a dump and take a look. Realistically though, it may only be possible to get that data back by using the NAND protocol method, which also requires you to do a chip-off first.

 
Posted : 14/03/2020 9:58 am
Bolo
(@bolo)
Posts: 97
Trusted Member
 

Maybe the garbage-cleaning mechanism wasn't so effective… so first try, as arcaine2 writes, a normal dump after S-OFF or by performing ISP/chip-off. If not, then only a NAND read and image assembly can be used to get the data back.

 
Posted : 16/03/2020 8:03 am
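
One way to "take a look" at such a dump, as an added example that is not part of any poster's reply: this Python sketch counts wiped and high-entropy blocks in a raw image and lists the offsets of PNG/JPEG headers (Android screenshots are normally PNG). The function names, the 4096-byte block size, the 7.5 bits/byte threshold and the constructed sample image are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# File signatures to look for in the raw image.
SIGNATURES = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff"}
BLOCK = 4096  # assumed analysis granularity, not a property of any device


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def triage_dump(data: bytes, block: int = BLOCK) -> dict:
    """Count wiped and high-entropy blocks and locate picture headers."""
    wiped = high = 0
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    for b in blocks:
        if len(set(b)) == 1 and b[0] in (0x00, 0xFF):
            wiped += 1  # erased or trimmed areas read back as all 0x00 or 0xFF
        elif shannon_entropy(b) > 7.5:
            high += 1   # encrypted or compressed; entropy cannot tell which
    headers = {}
    for name, magic in SIGNATURES.items():
        offsets, pos = [], data.find(magic)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(magic, pos + 1)
        headers[name] = offsets
    return {"blocks": len(blocks), "wiped": wiped,
            "high_entropy": high, "headers": headers}


def constructed_sample() -> bytes:
    """Constructed 4-block image: wiped, PNG remnant, pseudo-random, wiped."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    png = (SIGNATURES["png"] + b"IHDR-remnant").ljust(BLOCK, b" ")
    return bytes(BLOCK) + png + noise + b"\xff" * BLOCK


if __name__ == "__main__":
    print(triage_dump(constructed_sample()))
```

An image that is almost entirely high-entropy with no recognisable headers is consistent with an encrypted userdata partition, while one that is mostly wiped blocks suggests the reset erased or trimmed the storage.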